CVE-2022-3076

high

Description

The CM Download Manager WordPress plugin before 2.8.6 allows high privilege users such as admin to upload arbitrary files by setting the any extension via the plugin's setting, which could be used by admins of multisite blog to upload PHP files for example.

References

https://wpscan.com/vulnerability/d18e695b-4d6e-4ff6-a060-312594a0d2bd

Details

Source: Mitre, NVD

Published: 2022-09-26

Updated: 2025-05-22

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H